Problem with Joomla all the time.

[Exter]

Hello i´m quite new on this forum.

I have some irritating problems with joomla users.

I have about 200 customers and everyone are using joomla.

I want help to how i can secure me from joomla hackers. The biggest problem is if one has be hacked so are they starting perl script to attack another hosts on internet.

So i want have a solution. How can i stop them doing this?

I have tried stop php-exec and look on all php. But still the users can eat 100 % cpu with out any problem.

Have no one a idea how to secure things like not them running perl scripts. And kill they process if they using 100 % cpu or more.

Im wery glad if someone can help me to understand how to secure!

//Martin

 

[floyd]

Good thread here
http://www.directadmin.com/forum/showthread.php?t=14383

The best thing to do is to search the forum. No point in saying the same things here yet again.

 

[Exter]

Yes i know that one.

But is still not answer my question how to stop the process to eat 100% cpu.

I know where all .pl script will be located. But can we stop that kill the server?

Like scripts kill a perl process if its eat allot of cpu.


//Martin

 

[floyd]

This link is posted many, many times on this forum.
http://www.webhostgear.com/353.html

 

[ranz]

Looks like a great tool, however:

wget http://www.webhostgear.com/projects/nobodycheck/install.sh
--2010-05-03 09:45:19--  http://www.webhostgear.com/projects/nobodycheck/install.sh
Resolving www.webhostgear.com... 69.164.214.105
Connecting to www.webhostgear.com|69.164.214.105|:80... connected.
HTTP request sent, awaiting response... [B]404 Not Found[/B]
2010-05-03 09:45:21 ERROR 404: Not Found.

might need to be updated?

 

[LawsHosting]

Looks like a great tool, however:

Ironic...... Anyone used this tool, is it effective, and know of another source?

 

[mehrdadabed]

here is my recommendation regarding your case :

1- if most of your users are using Joomla then its possible that a hacker accesses all the other config files by hacking only one insecure account, so the fist thing you should do is to set permission 400 too all configuration files, this may help :

# find /home/ -name configuration.php | xargs chmod 400

2- activate option "open_basedir" to limit each user in his directory, if use suphp check this post :

http://www.directadmin.com/forum/showthread.php?t=29387

3- update the kernel of your OS to last version (so important):

# yum check-update kernel
# yum update kernel


4- I suggest to disable /usr/bin/perl generally and open it for certain users which need it.

 

[floyd]

Looks like a great tool, however:

wget http://www.webhostgear.com/projects/nobodycheck/install.sh
--2010-05-03 09:45:19--  http://www.webhostgear.com/projects/nobodycheck/install.sh
Resolving www.webhostgear.com... 69.164.214.105
Connecting to www.webhostgear.com|69.164.214.105|:80... connected.
HTTP request sent, awaiting response... [B]404 Not Found[/B]
2010-05-03 09:45:21 ERROR 404: Not Found.

might need to be updated?

Dang. Its was working last week. The page is still up http://www.webhostgear.com/353.html

Its a very effective tool. It has saved me numerous times.

 

[ranz]

@mehrdadabed:

great advice there - I like open_basedir ..

@floyd:

do you still have the install.sh script on your box? perhaps you could share ...

 

[floyd]

@floyd:

do you still have the install.sh script on your box? perhaps you could share ...

The license does not allow me to do that:

Licensing
Nobody Check is Copyright of Wave Point Media Inc. and WebHostGear. All rights reserved. We express no warranty or liability if you use this tool. This script may not be copied, altered or redistributed unless you have explicit written permission from Wave Point Media Inc.